[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3360-1] icu security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3360-1                   security@debian.org
https://www.debian.org/security/                 Laszlo Boszormenyi (GCS)
September 15, 2015                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2015-1270
Debian Bug     : 798647

It was discovered that the International Components for Unicode (ICU)
library mishandles converter names starting with x- , which allows
remote attackers to cause a denial of service (read of uninitialized
memory) or possibly have unspecified other impact via a crafted file.

For the stable distribution (jessie), this problem has been fixed in
version 52.1-8+deb8u3.

For the testing distribution (stretch), this problem has been fixed
in version 55.1-5.

For the unstable distribution (sid), this problem has been fixed in
version 55.1-5.

We recommend that you upgrade your icu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV+ELBAAoJEK+lG9bN5XPLC24QAIXycfVpH1VzrqIOi7IzkmXf
aCJ9B+m/BWSmnEfVVm42w3u0gGd7wQZSbMi5azEdHYpec6g9Defc4XfVp8ngD9Gk
37Gha8gZZ4Sbxc1tXwMwwwyP2+E+6QDrNzniSwtCNgk4UV9VUSGCNhLJBva5tV1Y
JSeFVHTpl/Urj7CwdRYvlMIbVCTvcnS0FJ34LeylnXTa5k4Z2ZyO5o6a7Gd8YsAD
mGJ2VWA0axNgXXpGhazLfRPQ2PauLfqWN0VpMualqejMPZd2ABRUxrZ7eUuG4AGx
u0HsGnQAQrMn9ZUChTjX8HpDW7OH39B0Z0nVlSITeC4L5gK8SY5lHgmg8zV/Uk1L
jzTwsZty2wfyxsti8XXlY9UHKNcUjB+8bg8WdftzC765HCiNJOXJCGHeklIiHqk7
T5K2H7YuNPMqMuaqgYE7zbgu3JVY9ixNk9DV9aEsgDGjrcs9OXC5U0mkV/++VHlC
ebpcKw02aVEl2Yf7MbX+M0cLiCHo3RM56LQUa02SivwBC5gWULwaSKaRSasoEWEP
knrBzmC5rdyztXipe2undXFyJuACBAuemP8eQSLY7tpFecc52KKnKMN2lru9hzAj
CSXmOvUwwZGmKdwTCMM9RepCoqpNv7Y21ejxCAzUiZ9vjlzVEdRdIeUri/UqGm+E
24PlDUC7o0eS12jqWAVx
=ADH3
-----END PGP SIGNATURE-----


Reply to: